Encrypt Raw Email Body S/MIME NodeJS

I am attempting to send a RAW Email via SES encrypted with S/MIME.

I have created email certificates (pfx) from here and have installed them locally on my email client (Thunderbird) running on my local machine. I have actually created two sets of pfx certificates for different users and I am able to send encrypted messages between the two accounts on Thunderbird.

I am confident that the pfx bundles are good. My NodeJS application that is sending the raw email via SES is working as expected if I take the the encrypted payload generated by one of my Thunderbird clients and replay that.

However if I try and encrypt the payload using nodejs.crypto the payload is not being encrypted correctly.

What I have done with the keys so far is only generate a public/ private keypair and attempt to encode my payload with the public key that I generated.

# extract key pair
openssl pkcs12 -in mypfx.pfx -nocerts -nodes -out keypairs.key

# Get private Key
openssl pkcs12 -in keypairs.key -out private.key

# Get pubic Key
openssl rsa -in keypairs.key -pubout -out public.key

Then once I have my public key I am using crypto.publicEncrypt to encrypt my payload.

function encrypt(publicKey, data) {
    const encrypted = crypto.publicEncrypt(publicKey, Buffer.from(data));
    return encrypted.toString('base64');
}

First of all is using the rsa public key correct? Should I be generating a different key? In my raw email header, the Content-Type: application/pkcs7-mime; is set, which is making me think that the keys I am generating are not correct (that plus the fact that it is not working).

EDIT: add more detail

How I am encrypting and decrypting

const fs = require('fs');
const path = require('path');
const { encrypt, decrypt } = require('../src/encrypto');


//Verify My Certs can encrypt and decrypt
const certsDir = path.resolve(__dirname, '../certs');
const privateKeyBuffer = fs.readFileSync(path.resolve(certsDir, '_private.key'));
const publicKeyBuffer = fs.readFileSync(path.resolve(certsDir, '_public.key'));

const encrypted = encrypt(publicKeyBuffer, 'Hello World!!');
console.log('encrypted', encrypted);
const decrypted = decrypt(privateKeyBuffer, encrypted);
console.log(decrypted);

// encrypto.js
const crypto = require('crypto');

function encrypt(publicKey, data) {
    const encrypted = crypto.publicEncrypt(publicKey, Buffer.from(data));
    return encrypted.toString('base64');
}

function decrypt(privKey, encrypted) {
    const toDecryptBuffer = Buffer.from(encrypted, 'base64');
    const privateKey = { key: privKey, passphrase: 'mypassphrase' } 
    const decrypted = crypto.privateDecrypt(privateKey, toDecryptBuffer);
    return decrypted.toString();
}

module.exports = { encrypt, decrypt }

Output:

$~: node test/test-certs.spec.js 
encrypted riWGojzIg4WLNQEmGn8tGuPCaHJFf2JWKefNukQCdtMAgnmyK4fMsFDCsjO/zzNHeqi0DKzqL0QoO2XjcBxjKGdLsj9eCO5iKfPRcz6+B3Twt1cVcvqqV8iVsUk1fWURdk5NlOXVKFsfr9K/r0ITcLsEdI/widZAbB5EvMTCARu8wLjfCnW5YwvzYa0DLxBRUlHUByRA2JH9tRNxKo5005Jd9cX/03EpyeRKx2fQAE5FezKYpqVdcI+342CzDdKJeKLm52mOE2jrmn+IPd+tn1Ojs4Hp4s1Pp2MsMQ+usOr5nuHQ0jf0RWdL5YPELhYlHNYrjPm3IQPmxy2yTb70oQ==
Hello World!!

How I am generating my raw email and its output

const publicKey = `-----BEGIN CERTIFICATE-----
MIIE6jCCA9KgAwIBAgIQMD3W6SOgZwmVlOr9itoGBDANBgkqhkiG9w0BAQsFADCB
jTELMAkGA1UEBhMCSVQxEDAOBgNVBAgMB0JlcmdhbW8xGTAXBgNVBAcMEFBvbnRl
IFNhbiBQaWV0cm8xIzAhBgNVBAoMGkFjdGFsaXMgUy5wLkEuLzAzMzU4NTIwOTY3
MSwwKgYDVQQDDCNBY3RhbGlzIENsaWVudCBBdXRoZW50aWNhdGlvbiBDQSBHMjAe
Fw0yMDAyMjAwOTAzMjlaFw0yMTAyMjAwOTAzMjlaMB0xGzAZBgNVBAMMEm9yZWls
cDI1QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL/1
...
yucbl6FfBe1Hp1fdeDOv9R0dCFz3gzxd0fROaKonfM2c5TVPMWERpZYlEo37wU5c
xySMkDWcdoja3b95cmQ=
-----END CERTIFICATE-----
`;

const message = encrypt(Buffer.from(publicKey), 'hello world!!');

const email = `Content-Type: application/pkcs7-mime;
name=smime.p7m;
smime-type=enveloped-data;
charset=binary;
Content-Description: Enveloped Data
Content-Disposition: attachment; filename=smime.p7m
Content-Transfer-Encoding: base64
From: ${process.env.FROM}
To: ${process.env.TO}
Subject: Example S/MIME encrypted message
Date: Wed, 19 Feb 2020 22:00:49 +0000
Message-Id: <1582149649876-69879fa3-77528c1b-63d7aefa@example.com>
MIME-Version: 1.0

${message}`;

console.log(email);

result:

Content-Type: application/pkcs7-mime;
name=smime.p7m;
smime-type=enveloped-data;
charset=binary;
Content-Description: Enveloped Data
Content-Disposition: attachment; filename=smime.p7m
Content-Transfer-Encoding: base64
From: undefined
To: undefined
Subject: Example S/MIME encrypted message
Date: Wed, 19 Feb 2020 22:00:49 +0000
Message-Id: <1582149649876-69879fa3-77528c1b-63d7aefa@example.com>
MIME-Version: 1.0

i65Tv2b4YE0rQlpdaMPD+ugxHNf1F2q3f6Tut2JTiGwj0YDSITNoRou4KBb2mXaIrn3t5Mjrp8icJ2rIuFfjpaulcq7Q0cqd9mzuHSpWdv53a2H5mI5KMH/2aRmDjAVPuvIGgEB9BlnFmCxajj7ohjBAsmHTyq5yODc+2cUWIALN+6wzgJtrzCSTa+xvmWlxuTRoDejbw6weuRodQ4vXXPWIbczl17coBslz7cl29SYbxhTNmxp1OOA358Om8/+VcASUwBj6HzWXTGt2RnNFpXB1IW2km2naXtj/Me6rBbWGKRUemNnPKJEbBNsV9bYXLBox1uiMRVKR+JbSB9Tp4g==